General

  • Target

    22cb4033f5daa33c2ff376e37902c8a147503155b31e5a723bb1ef05588c4ad1

  • Size

    158KB

  • Sample

    210624-mqhg33jzsj

  • MD5

    17d6c38ec4ed74fde6c4e6a60b7e3d27

  • SHA1

    6d29c55d7631130a74ec9c841167b05854acc936

  • SHA256

    22cb4033f5daa33c2ff376e37902c8a147503155b31e5a723bb1ef05588c4ad1

  • SHA512

    b7dd5c0ee9e968acb2b6a612dd896a7348326465d4cd6ad3f8dcb0f36f182500cfa1ed9a3597e4c7e99969592ae7a91443ef5e59febf0e02f932eb2a5492eef0

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

8.210.53.215:443

72.249.22.245:2303

188.40.137.206:8172

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects the Dridex loader (both x86 and x64) in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks